Tuesday, November 24, 2015

William Braithwaite -- a health information privacy and security consultant and chair of the Healthcare Information and Management Systems Society's identity management task force -- noted that, no matter how long or complex passwords are, they're still vulnerable to theft. "The real problem is that passwords are being stolen, not that they're being broken," he said.

Tuesday, November 10, 2015

The only company that acknowledged using the software was Walmart. According to a spokesperson, the retailer tested facial recognition software in stores across several states for several months, but then discontinued the practice earlier this year.

“We were looking for a concrete business rationale … It didn’t have the ROI,” or return on investment, the spokesperson says.

Retailers and biometrics companies have been working together for years trying to figure out how to apply face recognition to the problem of shoplifting. As expected in a retail business, it all comes down to Return on Investment (ROI).

First, here's what modern shoplifting looks like. It isn't just teenagers pocketing lip-sticks and candy bars.

HAZEL PARK, Mich. — Police say a 7,600-square-foot warehouse served as the business hub for a sophisticated, multimillion-dollar theft ring that stole items from southeastern Michigan retailers and resold them on the Internet.

Veteran investigators said the shoplifting ring, which swiped as much as $15,000 a day in over-the-counter drugs and other goods from area stores, is the largest they have ever seen.

Oakland County Sheriff Michael Bouchard called the illegal business "amazing in size and scope" and one that likely operated for years before drug investigators spotted it last month.

The ring operators stored stolen items in the warehouse and sold them on the Internet through eBay, Amazon.com and other sites, investigators said.

Read the whole thing. Criminal organizations like these cause huge losses to retailers, higher prices to consumers, and increased production of dangerous street drugs.
More and more, shoplifting is an organized crime problem, and everyone who isn't in on the scam pays the price in one way or another.

Privacy issues associated with facial recognition in businesses open to the public get a lot of well-deserved attention. Clearly, facial recognition technology could be deployed in businesses open to the public in ways that are injurious to a reasonable person's expectation of privacy. Brainstorming those ways, however, takes us pretty far away from the ROI calculation that is motivating retail outlets to seek out technologies that can help them reduce losses due to theft.

The privacy focus for facial recognition in retail spaces should be on what data is collected and what happens to it. In this case that means the photos and personal information that goes along with them. The easy part is that retail establishments have been collecting information on suspected shoplifters for a long time now and they already have policies about what they collect, when they collect it, and how long they retain it. The hard part is that new facial recognition technology makes sharing the information easier, securing it more difficult (and important!), and it requires new training for loss prevention staff about what, exactly, the technology is telling them.

That brings us back to the ROI. Obviously, using facial recognition to prevent a $15,000 organized crime heist helps the ROI calculation. Using facial recognition to interrupt a shopper based upon a "false positive" ID hurts the ROI calculation. So there's at least a little bit of good news here for privacy: The ROI calculation that is so important to the business's decision whether or not to use a facial recognition system does have a built-in way to account for at least some privacy concerns.

Monday, November 9, 2015

Vein recognition technology is restricted to checking vein patterns of living body tissues and offers reliable reading. Moreover, vein patterns are nearly impossible to counterfeit. Many banks worldwide consequently have incorporated this technology into their ATMs to improve the user authentication procedure of these machines.

While the ease of duplicating fingerprints to hack biometric systems is regularly overstated, it is a possibility. I've never even heard of anyone trying to spoof a finger- or palm vein biometric system.

The trade-off for vascular biometrics is that the sensors are typically larger and more expensive than fingerprint readers and there are fewer vendors offering vein technology. Nevertheless, certain deployments recommend themselves well to vein biometrics.

Technology known as voice biometrics seems to be the next big thing in keeping your accounts safe and sound, especially with the alarming rise in call-in center fraud. In this latest version of trickery, criminals take advantage of human error and human emotions when they dial into a customer service line, describe some fictional situation that garners the representative’s sympathy, and subsequently gain access to sensitive data and, of course, money. $10 billion worth last year, in fact.

The purpose of identity management technology is to force fraudsters into social engineering. Identity management technologies can still help with that, too.

...[C]ontactless palm vein recognition technology is nothing new and was first demonstrated back in 2002 and is widely used. It works by extracting feature data from biometric data. With previous technologies, confidential data was encrypted with this feature data, but when decrypting, the feature data extracted from biometric data would usually be matched with the encrypted data. This does not present a problem when used in a personal device, such as a laptop or smartphone, but when used via an open network such as in the cloud, a more secure decryption technology is necessary to prevent leaks of biometric data.

The article discusses encryption within biometric templates using Fujitsu's palm vein technology, but the idea would seem to be applicable across biometric modalities.

Monday, November 2, 2015

Ministry sources said the application of fingerprint attendance system uncovered many employees who continued to receive their monthly salaries although they were absent from duty for several years, in addition to those who traveled abroad without permission and others held behind bars on legal issues.

The same sources affirmed that the authorities next month will start deducting salaries and hold absentees accountable for their actions, along with those who skip the fingerprint attendance system on a regular basis.

They noted the implementation of the system has uncovered the reality of all problems and complications the ministry endured throughout the years, and last week, about 3,000 of the estimated 7,500 employees were compelled to apply for leave, and "the mass leave application'' was to avoid their inclusion in the fingerprint attendance system, as they fall in the category of 'absentees and evaders' of the fingerprint attendance system.

With Hello enabled, logging in to the machine is as simple as sitting down in front of it. The lock screen shows the Windows Hello "eye" looking around, and the detection is near-instantaneous. It takes longer for Windows to dismiss the lock screen and show the desktop than it does for it to recognize you in the first place. In fact, it's so quick that a kind of delay had to be built in. If there were no delay, locking your PC with Windows+L (or the Start menu option) would be nigh impossible.

Welcome to the SecurLinx Blog

Here we draw attention to items of interest in the biometrics and identity-management landscape.

SecurLinx offers patented solutions that store, process and share biometric template information specific to the challenges of law enforcement, gaming and the security industry.

We see ourselves as building the bridge between Biometric Service Providers (BSP's) that create new technology and the end users that have a problem in search of a solution and who could not care less about the technology itself.

Contributors

SecurLinx Links

If you have a concern about any posting or comment being factually incorrect, please contact us. Please provide detailsof who you are, how we can contact you, what your interest is, and what your concern is. If something has been writtenthat is factually incorrect, it will be addressed. Anonymous complaints will be ignored.